169 matches found
LogicalDOC 跨站脚本漏洞
LogicalDOC is the U.S. LogicalDOC company a set of document management system developed using Java technology . The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC Enterprise and Community Edition CE. An attacker cou...
CVE-2020-13542
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing...
Privilege escalation
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing...
CVE-2020-13542
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing...
CVE-2020-13542
CVE-2020-13542 is a local privilege escalation in LogicalDoc 8.5.1 caused by insecure file-system permissions that allow replacing the service binary or loaded DLLs. This leads to arbitrary code execution with SYSTEM privileges when the service runs. TALOS details show the vulnerability affects t...
LogicalDoc installation privilege escalation vulnerability
Summary A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executi...
CVE-2020-10366
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365...
CVE-2020-10366
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365...
Directory traversal
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365...
LogicalDoc path traversal vulnerability (CNVD-2020-33721)
LogicalDOC is a set of document management system developed using Java technology . The system has Lucene full-text search indexing and automatic import and other functions. A path traversal vulnerability exists in /servlet.gupld in LogicalDoc versions prior to 8.3.3. A remote attacker can exploi...
CVE-2020-10366
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365...
CVE-2020-10366
CVE-2020-10366 pertains to LogicalDoc prior to 8.3.3, where a directory traversal exists via the path “/servlet.gupld.” The connected Red Hat entry and CNVD-33721 confirm the same issue as a path traversal vulnerability. The available data does not provide concrete details on root cause mechanics...
LogicalDOC Arbitrary File Upload Vulnerability
LogicalDOC is a set of document management system developed using Java technology . The system has Lucene full-text search indexing and automatic import and other functions. A security vulnerability exists in LogicalDoc versions prior to 8.3.3. The vulnerability can be exploited to upload arbitra...
LogicalDoc SQL Injection Vulnerability
LogicalDOC is a set of document management system developed using Java technology . The system has Lucene full-text search indexing and automatic import and other functions. A SQL injection vulnerability exists in LogicalDoc versions prior to 8.3.3. The vulnerability stems from a lack of validati...
CVE-2020-10365
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
CVE-2020-10365
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
Design/Logic Flaw
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
Sql injection
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...